Subcontracting VPN Solutions?

musikit asks: "My company has recently decided that they have too many sites to have people e-mail back and forth requests for forms, and documentation. They would like to find a subcontractor that would set up a site-to-site VPN connect which would allow our system to do all the usual tasks (http, https, webdav, samba, imap, pop3, etc). I have been looking all over for a subcontractor and every search seems to point me to learn more about how VPN technologies work. Has the Slashdot crowd had any experience in subcontracting out a VPN solution? Would anyone care to recommend a starting point for us to find/compare/contrast different VPN contractors?"

Or...

[brunes69]

.. you could just buy a Linksys WRT54G, flash the firmware, and have a VPN solution for under 60 bucks USD (oh, plus a bonus WAP).

Re:Or...

[tigersha]

Yeah, and a boatload of work and the fact that you have to open en box and mess around with a screwdriver to short out pins when you cock up the flash and and and. Been there done that. The linksys is great but its not the nirvana everyone says. The one thing that would make is totally loco would be to replace the on-board flash with a removable CompactFlash socket. Soekris and WRAP both have this. It really makes it better to run in an emergency.

And a Serial port for emergencies.

Re:DIY

[cjsnell]

Or, save yourself the headache and use OpenVPN under OpenBSD. It has no problem at all with dynamic IP clients and keeps the VPN running smoothly when the IP address changes. It uses OpenSSL, so the crypto is legit and can be accelerated with one of Soekris's HiFn cards.

Eh????

[brunes69]

For one, the VPN would not run over the WLAN, it would run over the hard links.

For two, you could easily disable the WLAN interface if you do not have the knowhow on how to set up a DMZ with it.